Commit Graph

1817 Commits

Author SHA1 Message Date
Matt Holt
6d9a83376b caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Log out remote addr to detect abuse

* caddytls: Sync distributed storage cleaning

* Handle errors

* Update certmagic to fix tiny bug

* Split off port when logging remote IP

* Upgrade CertMagic
2023-12-07 13:26:21 -07:00
Andreas Kohn
df5edf6bdb caddytls: Context to DecisionFunc (#5923)
See https://github.com/caddyserver/certmagic/pull/255
2023-12-07 13:26:21 -07:00
Mohammed Al Sahaf
908e956927 tls: accept placeholders in string values of certificate loaders (#5963)
* tls: loader: accept placeholders in string values

* appease the linter
2023-12-07 13:26:21 -07:00
Matt Holt
2f7ceb5774 templates: Offically make templates extensible (#5939)
* templates: Offically make templates extensible

This supercedes #4757 (and #4568) by making template extensions
configurable.

The previous implementation was never documented AFAIK and had only
1 consumer, which I'll notify as a courtesy.

* templates: Add 'maybe' function for optional components

* Try to fix lint error
2023-12-07 13:26:21 -07:00
WeidiDeng
e89c9a45b9 http2 uses new round-robin scheduler (#5946) 2023-12-07 13:26:21 -07:00
WeidiDeng
e9ac48b4be panic when reading from backend failed to propagate stream error (#5952) 2023-12-07 13:26:21 -07:00
dlorenc
e55570298a chore: Bump otel to v1.21.0. (#5949)
Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
2023-12-07 13:26:21 -07:00
WeidiDeng
87f63b125b httpredirectlistener: Only set read limit for when request is HTTP (#5917) 2023-12-07 13:26:21 -07:00
Matthew Holt
801ec75669 fileserver: Add .m4v for browse template icon 2023-12-07 13:26:21 -07:00
Mohammed Al Sahaf
c8219d0e95 Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)" (#5924) 2023-12-07 13:26:21 -07:00
WeidiDeng
36fce3fa18 go.mod: update quic-go version to v0.40.0 (#5922) 2023-12-07 13:26:21 -07:00
Marten Seemann
547f069564 update quic-go to v0.39.3 (#5918) 2023-12-07 13:26:21 -07:00
WeidiDeng
d9fbef92fc chore: Fix usage pool comment (#5916) 2023-12-07 13:26:21 -07:00
Mohammed Al Sahaf
1a4c857bb9 test: acmeserver: add smoke test for the ACME server directory (#5914) 2023-12-07 13:26:21 -07:00
Mariano Cano
65c489a0c3 Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
This commit upgrades the router used in the acmeserver to
github.com/go-chi/chi/v5. In the latest release of step-ca, the router
used by certificates was upgraded to that version.

Fixes #5911

Signed-off-by: Mariano Cano <mariano.cano@gmail.com>
2023-12-07 13:26:21 -07:00
Francis Lavoie
db55da59ef caddyhttp: Adjust scheme placeholder docs (#5910) 2023-12-07 13:26:21 -07:00
Matthew Holt
b4c7313cc7 go.mod: Upgrade quic-go to v0.39.1 2023-12-07 13:26:21 -07:00
Ethan Brown (Domino)
b809ed71ed go.mod: CVE-2023-45142 Update opentelemetry (#5908) 2023-12-07 13:26:21 -07:00
Francis Lavoie
0259853a41 templates: Delete headers on httpError to reset to clean slate (#5905) 2023-12-07 13:26:21 -07:00
Francis Lavoie
f0ea489d89 httpcaddyfile: Remove port from logger names (#5881)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-12-07 13:26:21 -07:00
Matt Holt
648207063e core: Apply SO_REUSEPORT to UDP sockets (#5725)
* core: Apply SO_REUSEPORT to UDP sockets

For some reason, 10 months ago when I implemented SO_REUSEPORT
for TCP, I didn't realize, or forgot, that it can be used for UDP too. It is a
much better solution than using deadline hacks to reuse a socket, at
least for TCP.

Then https://github.com/mholt/caddy-l4/issues/132 was posted,
in which we see that UDP servers never actually stopped when the
L4 app was stopped. I verified this using this command:

    $ nc -u 127.0.0.1 55353

combined with POSTing configs to the /load admin endpoint (which
alternated between an echo server and a proxy server so I could tell
which config was being used).

I refactored the code to use SO_REUSEPORT for UDP, but of course
we still need graceful reloads on all platforms, not just Unix, so I
also implemented a deadline hack similar to what we used for
TCP before. That implementation for TCP was not perfect, possibly
having a logical (not data) race condition; but for UDP so far it
seems to be working. Verified the same way I verified that SO_REUSEPORT
works.

I think this code is slightly cleaner and I'm fairly confident this code
is effective.

* Check error

* Fix return

* Fix var name

* implement Unwrap interface and clean up

* move unix packet conn to platform specific file

* implement Unwrap for unix packet conn

* Move sharedPacketConn into proper file

* Fix Windows

* move sharedPacketConn and fakeClosePacketConn to proper file

---------

Co-authored-by: Weidi Deng <weidi_deng@icloud.com>
2023-12-07 13:26:21 -07:00
Harish Shan
9782ea3400 caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* Use sync.Pool to reduce lengthReader allocations

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>

* Add defer putLengthReader to prevent leak

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>

* Cleanup in putLengthReader

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

---------

Signed-off-by: Harish Shan <140232061+perhapsmaple@users.noreply.github.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-12-07 13:26:21 -07:00
Thanmay Nath
11a082c060 cmd: Add newline character to version string in CLI output (#5895) 2023-12-07 13:26:21 -07:00
WeidiDeng
15adb893d5 core: quic listener will manage the underlying socket by itself (#5749)
* core: quic listener will manage the underlying socket by itself.

* format code

* rename sharedQUICTLSConfig to sharedQUICState, and it will now manage the number of active requests

* add comment

* strict unwrap type

* fix unwrap

* remove comment
2023-12-07 13:26:21 -07:00
Francis Lavoie
16834d64de templates: Clarify include args docs, add .ClientIP (#5898) 2023-12-07 13:26:21 -07:00
Francis Lavoie
ec2de22ab1 httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) 2023-12-07 13:26:21 -07:00
Mohammed Al Sahaf
979c413f04 cmd: upgrade: resolve symlink of the executable (#5891) 2023-12-07 13:26:21 -07:00
WeidiDeng
ae5e2d96b7 caddyfile: Fix variadic placeholder false positive when token contains : (#5883) 2023-12-07 13:26:21 -07:00
Norman Soetbeer
0e204b730a
admin: Respond with 4xx on non-existing config path (#5870)
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-11 20:24:29 +00:00
Francis Lavoie
fae195ac7e
ci: Force the Go version for govulncheck (#5879) 2023-10-11 20:09:02 +00:00
Forza
130f6d1f83
fileserver: Set canonical URL on browse template (#5867)
* Browse.html: Add canonical URL and home-link

When contents are equal, but maybe just a sort order is different, it is good to add `<link rel="canonical" href="base-path/" />`. This helps search engines propeely index the page.

I also added a link to the home page with the name of `{{.Host}}` just above the bread crumbs to make the page clearer.

https://paste.tnonline.net/files/28Wun5CQZiqA_Screenshot_20231007_134435_Opera.png

* Update browse.html
2023-10-11 13:47:38 -06:00
Bas Westerbaan
289934f3d1
tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
… when compiled with cfgo (https://github.com/cloudflare/go).
2023-10-11 13:45:37 -06:00
Matt Holt
3a3182fba3
reverseproxy: Add more debug logs (#5793)
* reverseproxy: Add more debug logs

This makes debug logging very noisy when reverse proxying, but I guess
that's the point.

This has shown to be useful in troubleshooting infrastructure issues.

* Update modules/caddyhttp/reverseproxy/streaming.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Update modules/caddyhttp/reverseproxy/streaming.go

Co-authored-by: Francis Lavoie <lavofr@gmail.com>

* Add opt-in `trace_logs` option

* Rename to VerboseLogs

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-10-11 13:36:20 -06:00
Francis Lavoie
e8b8d4a8cd
reverseproxy: Fix least_conn policy regression (#5862) 2023-10-11 16:04:28 +00:00
Francis Lavoie
a8586b05aa
reverseproxy: Add logging for dynamic A upstreams (#5857) 2023-10-11 09:50:44 -06:00
Francis Lavoie
05dbe1c171
reverseproxy: Replace health header placeholders (#5861) 2023-10-11 09:50:28 -06:00
Francis Lavoie
33d8d2c6b5
httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
* httpcaddyfile: Sort TLS SNI matcher, for deterministic adapt output

* Update caddyconfig/httpcaddyfile/httptype.go

---------

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2023-10-11 09:47:07 -06:00
Francis Lavoie
9c419f1e1a
cmd: Fix exiting with custom status code, add caddy -v (#5874)
* Simplify variables for commands

* Add --envfile support for adapt command

* Carry custom status code for commands to os.Exit()

* cmd: add `-v` and `--version` to root caddy command

* Add `--envfile` to `caddy environ`, extract flag parsing to func

---------

Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
2023-10-11 09:46:18 -06:00
Fred Cox
b245ecd325
reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) 2023-10-11 04:42:40 -04:00
Francis Lavoie
2a6859a5e4
reverseproxy: Fix retries on "upstreams unavailable" error (#5841) 2023-10-10 22:07:20 +00:00
Đỗ Trọng Hải
df99502977
httpcaddyfile: Enable TLS for catch-all site if tls directive is specified (#5808) 2023-10-10 21:46:39 +00:00
Christoph
e0aaefab80
encode: Add application/wasm* to the default content types (#5869) 2023-10-10 21:18:37 +00:00
Kévin Dunglas
fa5a579b60
fileserver: Add command shortcuts -l and -a (#5854) 2023-10-10 20:57:18 +00:00
Matthew Holt
88b4fbf244
go.mod: Upgrade dependencies incl. x/net/http
Possibly important for the HTTP/2 Rapid Reset issue.
2023-10-10 12:01:20 -06:00
Thanmay Nath
5653c36bc2
templates: Add dummy RemoteAddr to httpInclude request, proxy compatibility (#5845)
* Enhancement: Allow X-Forwarded-For Header in httpInclude Virtual Requests

The goal of this enhancement is to modify the funcHTTPInclude function in the Caddy codebase to include the X-Forwarded-For header in the virtual request. This change will enable reverse proxies to set the X-Forwarded-For header, ensuring that the client's IP address is correctly provided to the target endpoint. This modification is essential for applications that depend on the X-Forwarded-For header for various functionalities, such as authentication, logging, or content customization.

* Updated tplcontext.go - set `virtReq.RemoteAddr = "127.0.0.1"`

i have made the suggested changes

* Apply suggestions from code review

* Update modules/caddyhttp/templates/tplcontext.go

---------

Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2023-10-07 20:47:34 +00:00
Patrick Koenig
4feac4d83c
reverseproxy: Allow fallthrough for response handlers without routes (#5780) 2023-10-05 23:15:26 -04:00
Kévin Dunglas
82c356f254
fix: caddytest.AssertResponseCode error message (#5853) 2023-10-02 20:55:09 +00:00
dependabot[bot]
1405683c2b
build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 00:34:43 +00:00
dependabot[bot]
89c407aa34
build(deps): bump actions/checkout from 3 to 4 (#5846)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-01 20:13:54 -04:00
Matthew Holt
58ab3a01a0
caddyhttp: Use LimitedReader for HTTPRedirectListener 2023-09-26 07:32:46 -06:00